CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
59.3%
Florian Grandel reports:
I have not had the time to analyze all of syslog-ng code.
But by reading the code section near the chroot call and looking
at strace results I believe that syslog-ng does not chdir to the
chroot jail’s location before chrooting into it.
This opens up ways to work around the chroot jail.